1. 18 May, 2018 1 commit
  2. 28 Mar, 2018 2 commits
  3. 05 Mar, 2018 1 commit
  4. 28 Feb, 2018 1 commit
  5. 25 Feb, 2018 1 commit
  6. 22 Feb, 2018 1 commit
  7. 07 Feb, 2018 1 commit
  8. 06 Feb, 2018 3 commits
  9. 22 Dec, 2017 1 commit
  10. 08 Dec, 2017 1 commit
  11. 23 Nov, 2017 1 commit
  12. 20 Oct, 2017 1 commit
  13. 02 Aug, 2017 1 commit
  14. 01 Aug, 2017 1 commit
  15. 27 Jul, 2017 1 commit
  16. 13 Jul, 2017 1 commit
    • Robin Bobbitt's avatar
      Fixes needed when GitLab sign-in is not enabled · 672a68d3
      Robin Bobbitt authored
      When sign-in is disabled:
       - skip password expiration checks
       - prevent password reset requests
       - don’t show Password tab in User Settings
       - don’t allow login with username/password for Git over HTTP requests
       - render 404 on requests to Profiles::PasswordsController
      672a68d3
  17. 11 Jul, 2017 1 commit
  18. 21 Jun, 2017 1 commit
  19. 16 Jun, 2017 2 commits
  20. 14 Jun, 2017 1 commit
  21. 08 Jun, 2017 1 commit
  22. 07 Jun, 2017 1 commit
  23. 05 Jun, 2017 3 commits
    • Michael Kozono's avatar
      Clarify error messages · e8972c11
      Michael Kozono authored
      And refactor to self-document a little better.
      e8972c11
    • Michael Kozono's avatar
      Move CI access logic into GitAccess · bad08fbe
      Michael Kozono authored
      bad08fbe
    • Michael Kozono's avatar
      Fix Git over HTTP spec · ff8a053d
      Michael Kozono authored
      * The spec has 7 failures at this point
      * Specify rendered error messages
      * Render the GitAccess message rather than “Access denied”
      * Render the Not Found message provided by GitAccess, instead of a custom one
      * Expect GitAccess to check the config for whether Git-over-HTTP pull or push is disabled, rather than doing it in the controller
      * Add more thorough testing for authentication
      * Dried up a lot of tests
      * Fixed some broken tests
      ff8a053d
  24. 17 Apr, 2017 1 commit
  25. 14 Apr, 2017 4 commits
  26. 13 Apr, 2017 1 commit
  27. 07 Mar, 2017 1 commit
    • Markus Koller's avatar
      Don't allow blocked users to authenticate through other means · 93daeee1
      Markus Koller authored
      Gitlab::Auth.find_with_user_password is currently used in these places:
      
      - resource_owner_from_credentials in config/initializers/doorkeeper.rb,
        which is used for the OAuth Resource Owner Password Credentials flow
      
      - the /session API call in lib/api/session.rb, which is used to reveal
        the user's current authentication_token
      
      In both cases users should only be authenticated if they're in the
      active state.
      93daeee1
  28. 23 Feb, 2017 2 commits
  29. 05 Feb, 2017 1 commit
  30. 26 Jan, 2017 1 commit